IOC Radar
IP · Medium · Signal 60/100

194.247.173.99

Location
Mexico
Boryspil, Kyivska oblast
ASN
AS48230
LLC MONOLITH.NET
First Seen
May 10, 2023 (1127d ago)
Last Seen
May 31, 2026 (10d ago)
Reports
17 source reports
Confidence
60% (medium)
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

76 techniques

Network Information

Country: MX (Mexico)
Region: Boryspil, Kyivska oblast
ASN: AS48230
Organization: LLC MONOLITH.NET

IP Category

Proxy
Proxy server

Feed Intelligence Summary

17 source reports · 60% confidence score
Category tags

Activity Timeline

1 total obs
May 31

Threat Activity Heatmap

Peak: 2026-05-31
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Coords: 50.3540, 30.9523

VirusTotal

Not checked

WHOIS

description
2025-09-02T13:52:32.587Z Honeypot : Tanner : Source: 194.247.173.99 : Port: 80 Post Data: {'response': {'message': {'sess_uuid': '75883608-e679-4e41-80a2-bc7bac8fe241', 'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}}}, 'version': '0.6.0'}
raw
inetnum: 194.247.172.0 - 194.247.173.255
netname: MONOLITNET
country: UA
org: ORG-LM4-RIPE
admin-c: VY444-RIPE
tech-c: VY444-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: MONOLITH-MNT
mnt-by: MONO
mnt-routes: MONOLITH-MNT
mnt-routes: MONO
mnt-domains: MONOLITH-MNT
mnt-domains: MONO
created: 2009-11-18T09:36:08Z
last-modified: 2017-02-28T13:18:50Z
source: RIPE
sponsoring-org: ORG-Vs35-RIPE

organisation: ORG-LM4-RIPE
org-name: LLC MONOLITH.NET
country: UA
org-type: OTHER
address: 8-A Novopropizna str., 08300 Boryspil
address: Ukraine
admin-c: MN582-RIPE
admin-c: VY444-RIPE
tech-c: MN582-RIPE
tech-c: VY444-RIPE
phone: +380674435638
abuse-c: AR21901-RIPE
created: 2008-10-23T09:59:09Z
last-modified: 2022-12-01T16:35:43Z
source: RIPE # Filtered
mnt-ref: MONOLITH-MNT
mnt-ref: MONO
mnt-by: MONOLITH-MNT
mnt-by: MONO

person: Vitaliy Yarmolenko
address: 8-A Novopropizna str., 08300, Boryspil
phone: +380 67 4435638
nic-hdl: VY444-RIPE
mnt-by: MONO
mnt-by: MONOLITH-MNT
mnt-by: MNT-QUADRO
created: 2016-11-04T08:17:09Z
last-modified: 2016-11-04T09:01:05Z
source: RIPE

route: 194.247.172.0/23
descr: LLC MONOLITH.NET
origin: AS48230
mnt-by: MONOLITH-MNT
mnt-by: MONO
created: 2009-11-24T13:46:49Z
last-modified: 2016-11-04T11:17:53Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt


IOC Journey

medium
First detected 3 years ago · Last seen 10 days ago
Appeared in 17 threat reports